SSH daemon is not reading authorized_keys #242

Closed
hach-que opened this issue Jun 15, 2016 · 11 comments
@hach-que

This is the output of sshd.exe -ddd when running it under the same user that I'm trying to log in as. I've already given it the correct privileges as I can perform password authentication fine, but SSH authentication keeps getting rejected:

Server listening on :: port 22.
debug1: socket:368, io:000001F85BCC8760, fd:4
debug3: w32_fcntl fd:4
debug2: fd 4 setting O_NONBLOCK
debug3: w32_fcntl fd:4
debug3: w32_setsockopt fd:4
debug3: w32_fcntl fd:4
debug1: Bind to port 22 on 0.0.0.0.
debug3: w32_bind fd:4
debug3: w32_listen fd:4
Server listening on 0.0.0.0 port 22.
debug2: signal() sig:6, handler:00007FF7102EC1D0
debug2: signal() sig:3, handler:00007FF7102EADC0
debug2: signal() sig:8, handler:00007FF7102EC2B0
debug2: signal() sig:7, handler:00007FF7102EC2B0
debug3: w32_select fd:3
debug3: w32_select fd:4
debug3: Total in fds:2
debug2: on_select - io:000001F85BCC6590 type:1 rd:1
debug3: acceptEx - io:000001F85BCC6590
debug2: on_select - io:000001F85BCC8760 type:1 rd:1
debug3: acceptEx - io:000001F85BCC8760
debug3: wait() on 0 events and 0 childres
debug3: wait() on 2 events and 0 childres
debug3: select - returning 1
debug3: w32_accept fd:4
debug3: accept - io:000001F85BCC8760
debug2: accept io:000001F85BCC8F20
debug1: socket:380, io:000001F85BCC8F20, fd:5
debug3: w32_fcntl fd:5
debug3: fd 5 is not O_NONBLOCK
debug1: pipe - read end: handle:0000000000000180, io:000001F85BCAD250, fd:6
debug1: pipe - write end: handle:0000000000000184, io:000001F85BCAD300, fd:7
debug1: Server will not fork when running in debugging mode.
debug3: w32_close fd:3
debug1: close - io:000001F85BCC6590, type:1, fd:3, table_index:3
debug2: close - io:000001F85BCC6590
debug3: w32_close fd:4
debug1: close - io:000001F85BCC8760, type:1, fd:4, table_index:4
debug2: close - io:000001F85BCC8760
debug3: w32_close fd:6
debug1: close - io:000001F85BCAD250, type:2, fd:6, table_index:6
debug2: fileclose - pio:000001F85BCAD250
debug3: w32_close fd:7
debug1: close - io:000001F85BCAD300, type:2, fd:7, table_index:7
debug2: fileclose - pio:000001F85BCAD300
debug3: w32_fcntl fd:5
debug3: w32_fcntl fd:5
debug3: alarm() 0 secs
debug2: signal() sig:4, handler:0000000000000000
debug2: signal() sig:6, handler:0000000000000000
debug2: signal() sig:8, handler:0000000000000000
debug2: signal() sig:7, handler:0000000000000000
debug2: signal() sig:3, handler:0000000000000000
debug2: signal() sig:0, handler:0000000000000000
debug3: w32_getpeername fd:5
debug3: w32_setsockopt fd:5
debug3: w32_getpeername fd:5
debug3: w32_getpeername fd:5
debug3: w32_getsockopt fd:5
debug3: w32_getpeername fd:5
debug3: w32_getsockname fd:5
debug3: w32_getsockname fd:5
Connection from 10.1.42.6 port 35075 on 10.1.1.204 port 22
debug2: signal() sig:4, handler:00007FF7102E8F80
debug3: w32_write fd:5
debug2: send - io:000001F85BCC8F20
debug2: send - WSASend() returned 0, APC scheduled io:000001F85BCC8F20
debug2: WSASendCB - io:000001F85BCC8F20, pending_state:1, error:0, sent:52 of remaining:52
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug3: WSARecv - pio: 000001F85BCC8F20
debug2: WSARecv - WSARecv() returned 0, io:000001F85BCC8F20
debug2: recv - Letting APC to execute, io:000001F85BCC8F20
debug2: WSARecvCompletionCB - io:000001F85BCC8F20, pending_state:1, flags:0, error:0, received:1991
debug3: recv - socket in blocking mode, io:000001F85BCC8F20
debug2: recv - (2) returning 1 bytes from completed IO, remaining:1990, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1989, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1988, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1987, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1986, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1985, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1984, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1983, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1982, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1981, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1980, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1979, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1978, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1977, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1976, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1975, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1974, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1973, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1972, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1971, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1970, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1969, io:000001F85BCC8F20
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1 bytes from prior completed IO, remaining:1968, io:000001F85BCC8F20
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1p1 Microsoft_Win32_port_with_VS
debug3: w32_fcntl fd:5
debug2: fd 5 setting O_NONBLOCK
debug3: w32_fcntl fd:5
debug1: agent pid mismatch
Unable to get agent socket: communication with agent failed
debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug1: SSH2_MSG_KEXINIT sent
debug3: w32_write fd:5
debug2: send - io:000001F85BCC8F20
debug2: send - WSASend() returned 0, APC scheduled io:000001F85BCC8F20
debug2: WSASendCB - io:000001F85BCC8F20, pending_state:1, error:0, sent:840 of remaining:840
debug3: w32_select fd:5
debug3: Total in fds:1
debug2: on_select - io:000001F85BCC8F20 type:1 rd:1
debug3: wait() on 0 events and 0 childres
debug3: select - returning 1
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 1968 bytes from prior completed IO, remaining:0, io:000001F85BCC8F20
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1-etm@openssh.com compression: none
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug3: w32_select fd:5
debug3: Total in fds:1
debug2: on_select - io:000001F85BCC8F20 type:1 rd:1
debug3: WSARecv - pio: 000001F85BCC8F20
debug2: WSARecv - WSARecv() returned 0, io:000001F85BCC8F20
debug3: wait() on 0 events and 0 childres
debug2: WSARecvCompletionCB - io:000001F85BCC8F20, pending_state:1, flags:0, error:0, received:48
debug3: select - returning 1
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 48 bytes from prior completed IO, remaining:0, io:000001F85BCC8F20
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: w32_write fd:5
debug2: send - io:000001F85BCC8F20
debug2: send - WSASend() returned 0, APC scheduled io:000001F85BCC8F20
debug2: WSASendCB - io:000001F85BCC8F20, pending_state:1, error:0, sent:280 of remaining:280
debug3: w32_select fd:5
debug3: Total in fds:1
debug2: on_select - io:000001F85BCC8F20 type:1 rd:1
debug3: WSARecv - pio: 000001F85BCC8F20
debug2: WSARecv - WSARecv() returned 0, io:000001F85BCC8F20
debug3: wait() on 0 events and 0 childres
debug2: WSARecvCompletionCB - io:000001F85BCC8F20, pending_state:1, flags:0, error:0, received:72
debug3: select - returning 1
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 72 bytes from prior completed IO, remaining:0, io:000001F85BCC8F20
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: w32_write fd:5
debug2: send - io:000001F85BCC8F20
debug2: send - WSASend() returned 0, APC scheduled io:000001F85BCC8F20
debug2: WSASendCB - io:000001F85BCC8F20, pending_state:1, error:0, sent:56 of remaining:56
debug3: w32_select fd:5
debug3: Total in fds:1
debug2: on_select - io:000001F85BCC8F20 type:1 rd:1
debug3: WSARecv - pio: 000001F85BCC8F20
debug2: WSARecv - WSARecv() returned 0, io:000001F85BCC8F20
debug3: wait() on 0 events and 0 childres
debug2: WSARecvCompletionCB - io:000001F85BCC8F20, pending_state:1, flags:0, error:0, received:72
debug3: select - returning 1
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 72 bytes from prior completed IO, remaining:0, io:000001F85BCC8F20
debug1: userauth-request for user Build service ssh-connection method none
debug1: attempt 0 failures 0
debug3: w32_getsockname fd:5
debug3: w32_getsockname fd:5
debug2: parse_server_config: config reprocess config len 296
debug3: getpwnam: username [Build]
debug2: input_userauth_request: setting up authctxt for Build
debug2: input_userauth_request: try method none
Failed none for Build from 10.1.42.6 port 35075 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive"
debug3: w32_write fd:5
debug2: send - io:000001F85BCC8F20
debug2: send - WSASend() returned 0, APC scheduled io:000001F85BCC8F20
debug2: WSASendCB - io:000001F85BCC8F20, pending_state:1, error:0, sent:88 of remaining:88
debug3: w32_select fd:5
debug3: Total in fds:1
debug2: on_select - io:000001F85BCC8F20 type:1 rd:1
debug3: WSARecv - pio: 000001F85BCC8F20
debug2: WSARecv - WSARecv() returned 0, io:000001F85BCC8F20
debug3: wait() on 0 events and 0 childres
debug2: WSARecvCompletionCB - io:000001F85BCC8F20, pending_state:1, flags:0, error:0, received:648
debug3: select - returning 1
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - returning 648 bytes from prior completed IO, remaining:0, io:000001F85BCC8F20
debug1: userauth-request for user Build service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug3: w32_write fd:3
debug2: write - io:000001F85BC9AEF0
debug3: wait() on 0 events and 0 childres
debug2: WriteCB - pio:000001F85BC9AEF0, pending_state:1, error:0, transferred:4 of remaining: 4
debug2: write - reporting 4 bytes written, io:000001F85BC9AEF0
debug3: w32_write fd:3
debug2: write - io:000001F85BC9AEF0
debug3: wait() on 0 events and 0 childres
debug2: WriteCB - pio:000001F85BC9AEF0, pending_state:1, error:0, transferred:962 of remaining: 962
debug2: write - reporting 962 bytes written, io:000001F85BC9AEF0
debug3: w32_read fd:3
debug3: read - io:000001F85BC9AEF0 remaining:0
debug2: ReadFileEx io:000001F85BC9AEF0
debug1: ReadFileEx() ERROR:109, io:000001F85BC9AEF0
debug1: read - no more data, io:000001F85BC9AEF0
debug1: auth agent did not authorize client Build
debug3: w32_close fd:3
debug1: close - io:000001F85BC9AEF0, type:2, fd:3, table_index:3
debug2: fileclose - pio:000001F85BC9AEF0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for Build from 10.1.42.6 port 35075 ssh2: RSA SHA256:411kY2UwpriHNdFoHOxA/cBv8eL57lMgRKWOWX2U9UU
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive"
debug3: w32_write fd:5
debug2: send - io:000001F85BCC8F20
debug2: send - WSASend() returned 0, APC scheduled io:000001F85BCC8F20
debug2: WSASendCB - io:000001F85BCC8F20, pending_state:1, error:0, sent:88 of remaining:88
debug3: w32_select fd:5
debug3: Total in fds:1
debug2: on_select - io:000001F85BCC8F20 type:1 rd:1
debug3: WSARecv - pio: 000001F85BCC8F20
debug2: WSARecv - WSARecv() returned 0, io:000001F85BCC8F20
debug3: wait() on 0 events and 0 childres
debug2: WSARecvCompletionCB - io:000001F85BCC8F20, pending_state:1, flags:0, error:0, received:0
debug3: select - returning 1
debug3: w32_read fd:5
debug3: recv - io:000001F85BCC8F20
debug2: recv - connection closed, io:000001F85BCC8F20
Connection closed by 10.1.42.6
debug1: do_cleanup

It seems the SSH authentication is rejected, but it doesn't appear to be attempting to read authorized_keys at all? I have C:\Users\Build\.ssh\authorized_keys and have given the NT SERVICE\sshd account access to read that file and the .ssh directory.

@hach-que
Author

This is the command I'm connecting with from a Linux machine:

ssh -vvv -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o BatchMode=yes -l Build -p 22 -i sshkey 10.1.1.204 -- cmd.exe

@hach-que
Author

When I run the ssh agent manually from the command line I get:

C:\WINDOWS\system32>"C:\Program Files\OpenSSH-Win64\ssh-agent.exe"
agent_start pid:3660, dbg:1, child:0, pipe:0
client pid 5996 connected on \\.\pipe\ssh-authagent
debug1: connection io 0000019EBE754250 #bytes:0 state:0
debug1: connection io 0000019EBE754250 #bytes:4 state:1
debug1: connection io 0000019EBE754250 #bytes:962 state:2
debug1: client type: 1
debug1: unable to generate user token
debug1: connection 0000019EBE754250 clean up
debug1: iocp error: 6 on 0000000000000000

@hach-que
Author

Even when running under cmd as SYSTEM, I still get this from ssh-agent:

C:\WINDOWS\system32>"C:\program files\OpenSSH-Win64\ssh-agent.exe"
agent_start pid:4404, dbg:1, child:0, pipe:0
client pid 1204 connected on \\.\pipe\ssh-keyagent
debug1: connection io 00000289D6A72DA0 #bytes:0 state:0
debug1: connection 00000289D6A72DA0 clean up
debug1: iocp error: 6 on 0000000000000000


C:\WINDOWS\system32>"C:\program files\OpenSSH-Win64\ssh-agent.exe"
agent_start pid:900, dbg:1, child:0, pipe:0
client pid 1204 connected on \\.\pipe\ssh-authagent
debug1: connection io 0000017E35381FD0 #bytes:0 state:0
debug1: connection io 0000017E35381FD0 #bytes:4 state:1
debug1: connection io 0000017E35381FD0 #bytes:994 state:2
debug1: client type: 1
debug1: unable to generate user token
debug1: connection 0000017E35381FD0 clean up
debug1: iocp error: 6 on 0000000000000000

@hach-que
Author

I'm now trying a previous version with: choco upgrade -y win32-openssh -version 2016.04.05 -params '"/SSHServerFeature /KeyBasedAuthenticationFeature"' --allow-downgrade

@hach-que
Author

Now I'm getting:

1204 15:13:20 077 debug1: LsaRegisterLogonProcess()...
1204 15:13:20 077 debug1: Retrieving Authentification Package ID...
1204 15:13:20 077 debug1: SSH-LSA package not found. (err = 0, ntStat = c00000fe).

These logs are from sshd running as a service (I set LogLevel to DEBUG).

As I restarted my computer after running choco, Windows configured and installed updates - I'm wondering whether this could have impacted the registration of SSH-LSA.

@hach-que
Author

So I ran the same query that install-sshlsa.ps1 runs to check if SSH-LSA is present, and according to my registry, I have the following providers installed:

msv1_0
nxlsa
msv1_0\0ssh-lsa.dll
ssh-lsa

This is from running and writing out $arr:

$subkey = 'SYSTEM\CurrentControlSet\Control\Lsa'
$value  = 'Authentication Packages'
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 0)
$key = $reg.OpenSubKey($subkey, $true)
$arr = $key.GetValue($value)

The third option in that list, msv1_0\0ssh-lsa.dll looks almost certainly wrong. I'll try removing that entry manually and see if that was the cause of my issue.

@hach-que
Author

I ran the following to update the registry key for anyone else having this problem who visited this task:

$subkey = 'SYSTEM\CurrentControlSet\Control\Lsa'
$value  = 'Authentication Packages'
$reg = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 0)
$key = $reg.OpenSubKey($subkey, $true)
$arr = @("msv1_0","nxlsa","ssh-lsa")
$key.SetValue($value, [string[]]$arr, 'MultiString')
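
An added example, not part of the original comment or of the Win32-OpenSSH install scripts: audit the `Authentication Packages` list for the kind of fused entry reported above and derive a repaired list that keeps every other provider in place instead of retyping the list by hand. The function names are hypothetical, and the sample list is the one quoted in this issue.

```powershell
# Added example; Get-LsaPackageFinding and Get-LsaPackageRepair are hypothetical names.

function Get-LsaPackageFinding {
    param([AllowEmptyString()][string[]]$Packages)
    $seen = @{}
    foreach ($name in $Packages) {
        $issues = @()
        if ([string]::IsNullOrWhiteSpace($name)) { $issues += 'empty entry' }
        # A literal backslash-zero inside one entry means two names were fused
        # instead of being stored as separate REG_MULTI_SZ strings.
        if ($name.Contains('\0')) { $issues += 'literal \0 inside entry' }
        # The same package listed twice (compared case-insensitively).
        $k = $name.ToLowerInvariant()
        if ($seen.ContainsKey($k)) { $issues += 'duplicate entry' }
        $seen[$k] = $true
        [pscustomobject]@{
            Entry   = $name
            Suspect = ($issues.Count -gt 0)
            Issues  = ($issues -join '; ')
        }
    }
}

function Get-LsaPackageRepair {
    param([AllowEmptyString()][string[]]$Packages)
    # Keep every entry that passed, in its original order, so packages that
    # belong to other products (nxlsa in this issue) are preserved.
    @(Get-LsaPackageFinding -Packages $Packages |
        Where-Object { -not $_.Suspect } |
        ForEach-Object { $_.Entry })
}

# Constructed sample: the four entries reported in the issue.
$sample = @('msv1_0', 'nxlsa', 'msv1_0\0ssh-lsa.dll', 'ssh-lsa')
Get-LsaPackageFinding -Packages $sample | Format-Table -AutoSize | Out-String
'Proposed list: ' + ((Get-LsaPackageRepair -Packages $sample) -join ', ')

# Read-only check of the live value on a Windows host; nothing is written.
if ($env:OS -eq 'Windows_NT') {
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $name = 'Authentication Packages'
    $live = (Get-ItemProperty -Path $path -Name $name).$name
    Get-LsaPackageFinding -Packages $live | Where-Object { $_.Suspect }
}
```

Export the `Lsa` key before writing a changed list back, since every logon on the host depends on the packages it names.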

@hach-que
Author

Well now I'm getting further, though my NoMachine client can't connect any more which is inconvenient to say the least...

324 15:25:36 868 debug1: -> LsaLogon()...
324 15:25:36 868 debug1: Checking args...
324 15:25:36 868 debug1: Setting up LSA Strings...
324 15:25:36 871 debug1: LsaRegisterLogonProcess()...
324 15:25:36 871 debug1: Retrieving Authentification Package ID...
324 15:25:36 872 debug1: Allocating LsaAuth struct...
324 15:25:36 872 debug3: Checking args...
324 15:25:36 873 debug3: Adding authorized file [.ssh/authorized_keys] to LsaAuth...
324 15:25:36 873 debug3: Computing total size of LsaAuth...
324 15:25:36 873 debug3: Allocating new LsaAuth structure...
324 15:25:36 873 debug3: Filling up LsaAuth struct...
324 15:25:36 873 debug3: Converting [.ssh/authorized_keys] to UTF8...
324 15:25:36 873 debug1: Setting up TOKEN_SOURCE...
324 15:25:36 873 debug1: Login attemp...
324 15:25:37 079 debug1: SSH-LSA authorization failed. (err = 0, ntStat = c000006d).
324 15:25:37 079 debug1: <- LsaLogon()...

@hach-que
Author

Oh, looks like I had left in -l 'Build@DESKTOP-6HA7KPM' in my SSH client command during earlier testing. Once I corrected that to -l 'Build', everything started working.

My guess is that either the Win32 OpenSSH install scripts do weird things when NoMachine has installed its authentication provider, and that they're (at least for the moment) incompatible. Once you install the SSH-LSA provider, it doesn't look like NoMachine is able to open any more sessions (even when it's listed as the second authentication provider).

@DarwinJS

Just an FYI on this thread - I do not test the package for downgrade - so it would be more reliable to do an uninstall and reinstall to move backward.

That said - since the commands that move the files in place are copies with overwrite - it might be reliable to downgrade - but I haven't specifically engineered it for downgrade and don't currently test it for that.

@manojampalam
Contributor

manojampalam commented Jul 1, 2016

@hach-que, this thread has become too long to consume :). Can you please summarize what you've found so far and what needs to be looked into? Reopen once you do that please.
